BusyBotNet
=============================================================================================
01000010 01110101 01110011 01111001 01000010 01101111 01110100 01001110 01100101 01110100
Busybotnet is a (deviously named) fork of busybox that aims to make many of the security tools that are often only found on full systems available on their resource-lacking counterparts, which we call embedded devices. With the recent surge in popularity of such devices (aka the explosion of the 'internet of things') came many, many security issues. Part of the problem is that it's difficult to implement cryptography tools on systems with limited resources, and the rest is caused by incompetent OEMs that never issue updates or bother to patch any of the gaping security holes in their systems. This inevitably leads to the devices being repurposed by hackers, vis-à-vis botnets... The point of this project is to provide all of the security tools a system admin needs to administer embedded devices in one static binary, hence the term "Busybotnet".
This is a dangerous executable (in the hands of the wrong person). It contains tools that could be used maliciously. "A script kiddie's wet dream", so to speak. Don't leave copies of these binaries lying around without security measures (good file permissions, etc).
As you can see, we have added many new features to busybox. Particularly interesting are the cryptography applets. This is an incomplete list of the applets enabled during my last build:
evil@devbox:~/busybotnet$ ./busybox
BusyBox v1.24.1 (2016-03-15 22:49:48 CDT) multi-call binary.
BusyBox is copyrighted by many authors between 1998-2015.
Licensed under GPLv2. See source distribution for detailed copyright notices.

Usage: busybox [function [arguments]...]
   or: busybox --list[-full]
   or: busybox --install [-s] [DIR]
   or: function [arguments]...

BusyBox is a multi-call binary that combines many common Unix utilities into a single executable. Most people will create a link to busybox for each function they wish to use and BusyBox will act like whatever it was invoked as.

Currently defined functions:
[, [[, acpid, add-shell, addgroup, adduser, adjtimex, aescrypt, arp, arping, ash, awk, base64, basename, beep, beer, bindtty, blkid, blockdev, boink, bonk, bootchartd, brctl, bunzip2, bzcat, bzip2, cal, cat, catv, chat, chattr, chgrp, chmod, chown, chpasswd, chpst, chroot, chrt, chvt, cksum, clear, cmp, coke, comm, conseal, conspy, cp, cpio, crond, crontab, crypthash, cryptpw, cttyhack, cut, date, dc, dcd3c, dd, deallocvt, delgroup, deluser, depmod, devmem, df, dhclient, dhcprelay, dhgenprime, diff, dirname, dmesg, dnsamp, dnsd, dnsdomainname, dos2unix, dpsc, dpss, du, dumpkmap, dumpleases, ecdsa, echo, echoize, ed, egrep, eject, env, envdir, envuidgid, ether-wake, expand, expr, fakeidentd, false, fatattr, fbset, fbsplash, fdflush, fdformat, fdisk, fgconsole, fgrep, find, findfs, flash_eraseall, flash_lock, flash_unlock, flashcp, flock, fold, free, freeramdisk, fsck, fsck.minix, fstrim, fsync, ftpd, ftpget, ftpput, fuser, genericsum, genkey, getopt, getty, gewse, gewse5, grep, groups, gunzip, gzip, halt, hd, hdparm, head, hexdump, hostid, hostname, httpd, hush, hwclock, i2cdetect, i2cdump, i2cget, i2cset, id, ifconfig, ifdown, ifenslave, ifplugd, ifup, inetd, init, inotifyd, insmod, install, ionice, iostat, ip, ipaddr, ipcalc, ipcrm, ipcs, iplink, iproute, iprule, iptunnel, jolt, kbd_mode, kill, killall, killall5, kissofdeath, kkill, klogd, knbot, land,
last, latierra, less, linux32, linux64, linuxrc, ln, loadfont, loadkmap, logger, login, logname, logread, losetup, lpd, lpq, lpr, ls, lsattr, lsmod, lsof, lspci, lsusb, lzcat, lzma, lzop, lzopcat, makedevs, makemime, man, md5sum, mdev, mesg, microcom, mkdir, mkdosfs, mke2fs, mkfifo, mkfs.ext2, mkfs.minix, mkfs.vfat, mknod, mkpasswd, mkswap, mktemp, modinfo, modprobe, more, mount, mountpoint, mpstat, mqtte, mt, mv, nameif, nanddump, nandwrite, nbd-client, nc, nestea, netscan, netstat, newtear, nice, nmeter, nohup, nslookup, ntpd, ntpdos, od, openvt, orgasm, ottf, passwd, patator, patch, pgrep, pidof, ping, ping6, pipe_progress, pivot_root, pkdecrypt, pkencrypt, pkill, pksign, pmap, pong, popmaildir, poweroff, powertop, printenv, printf, proxcat, ps, pscan, pstree, pubclient, pud, pwd, pwdx, raidautorun, raped, rdate, rdev, readahead, readlink, readprofile, realpath, reboot, reformime, remove-shell, renice, reset, resize, rev, rm, rmdir, rmmod, route, rpm, rpm2cpio, rsadecrypt, rsaencrypt, rsagenkey, rsasign, rsaverify, rtcwake, run-parts, runlevel, runsv, runsvdir, rx, script, scriptreplay, sed, sendmail, seq, setarch, setconsole, setfont, setkeycodes, setlogcons, setserial, setsid, setuidgid, sh, sha1sum, sha256sum, sha3sum, sha512sum, showkey, shuf, slattach, sleep, smemcap, snmpdos, sockstress, softlimit, sort, spiffit, sping, split, start-stop-daemon, stat, stream, strings, stty, su, subclient, sulogin, sum, sv, svlogd, swapoff, swapon, switch_root, sync, synk4, synscan, sysctl, syslogd, tac, tail, tar, tcpsvd, teardrop, tee, telnet, telnetd, test, tftp, tftpd, time, timeout, top, torloris, touch, tr, traceroute, traceroute6, true, truncate, tty, ttysize, tunctl, ubiattach, ubidetach, ubimkvol, ubirmvol, ubirsvol, ubiupdatevol, udhcpc, udhcpd, udpdata, udpspoof, udpsvd, uevent, umount, uname, uncompress, unexpand, uniq, unit, unix2dos, unlink, unlzma, unlzop, unxz, unzip, uptime, users, usleep, uudecode, uuencode, vconfig, vi, vlock, volname, wall, watch, 
watchdog, wc, wget, which, who, whoami, whois, wingatecrash, xargs, xersex, xersextcp, xz, xzcat, yes, zcat, zcip
evil@devbox:~/busybotnet$ ./busybox rsaencrypt -h
. Seeding the random number generator...
. Reading public key from rsa_pub.txt
. Generating the RSA encrypted value
. Done (created "result-enc.txt")
evil@devbox:~/busybotnet$ ./busybox ecdsa
. Seeding the random number generator... ok
. Generating key pair... ok (key size: 192 bits)
+ Public key: 042B22958EAEABB744D2B0C7F3BA71133400D498725FFB86B2B4C3EDE4EB188741DBC1777779C3B20914F7E96AB4FB359E
. Signing message... ok (signature length = 55)
+ Hash: 546869732073686F756C64206265207468652068617368206F662061206D6573736167652E00
+ Signature: 30350218788C84CAE1B3A4D4E297FDC517889D1C102B899E202A6C09021900CA152006C9526719C901203AA037E8CD5FC29E1D2A9CEDAF
. Preparing verification context... ok
. Verifying signature... ok
evil@devbox:~/busybotnet$ ./busybox ecdsa -h
usage: ecdsa
evil@devbox:~/busybotnet$ ./busybox ecdsa --help
BusyBox v1.24.1 (2016-03-15 22:49:48 CDT) multi-call binary.
Usage: ecdsa NoneNone
evil@devbox:~/busybotnet$ ./busybox crypthash -h
crypt_and_hash : 0 = encrypt, 1 = decrypt
example: crypt_and_hash 0 file file.aes AES-128-CBC SHA1 hex:E76B2413958B00E193
Available ciphers:
AES-128-ECB AES-192-ECB AES-256-ECB AES-128-CBC AES-192-CBC AES-256-CBC
AES-128-CFB128 AES-192-CFB128 AES-256-CFB128 AES-128-CTR AES-192-CTR AES-256-CTR
AES-128-GCM AES-192-GCM AES-256-GCM AES-128-CCM AES-192-CCM AES-256-CCM
ARC4-128
BLOWFISH-ECB BLOWFISH-CBC BLOWFISH-CFB64 BLOWFISH-CTR
CAMELLIA-128-ECB CAMELLIA-192-ECB CAMELLIA-256-ECB CAMELLIA-128-CBC CAMELLIA-192-CBC CAMELLIA-256-CBC
CAMELLIA-128-CFB128 CAMELLIA-192-CFB128 CAMELLIA-256-CFB128 CAMELLIA-128-CTR CAMELLIA-192-CTR CAMELLIA-256-CTR
CAMELLIA-128-GCM CAMELLIA-192-GCM CAMELLIA-256-GCM CAMELLIA-128-CCM CAMELLIA-192-CCM CAMELLIA-256-CCM
DES-ECB DES-EDE-ECB DES-EDE3-ECB DES-CBC DES-EDE-CBC DES-EDE3-CBC
Available message digests:
SHA512 SHA384 SHA256 SHA224 SHA1 RIPEMD160 MD5
evil@devbox:~/busybotnet$ ./busybox aescrypt -h
aescrypt2 : 0 = encrypt, 1 = decrypt
example: aescrypt2 0 file file.aes hex:E76B2413958B00E193
Usage: xersex NoneNone
evil@devbox:~/busybotnet$ ./busybox xersex fags.com 80
[Connecting -> fags.com:80
[Connecting -> fags.com:80
[Connecting -> fags.com:80
[Connecting -> fags.com:80
[Connecting -> fags.com:80
[Connecting -> fags.com:80
[Connecting -> fags.com:80
^C
evil@devbox:~/busybotnet$ ./busybox wget
BusyBox v1.24.1 (2016-03-15 22:49:48 CDT) multi-call binary.
Usage: wget [-c|--continue] [-s|--spider] [-q|--quiet] [-O|--output-document FILE]
[--header 'header: value'] [-Y|--proxy on/off] [-P DIR]
[-U|--user-agent AGENT] [-T SEC] URL...
Retrieve files via HTTP or FTP
-s Spider mode - only check file existence
-c Continue retrieval of aborted transfer
-q Quiet
-P DIR Save to DIR (default .)
-T SEC Network read timeout is SEC seconds
-O FILE Save to FILE ('-' for stdout)
-U STR Use STR for User-Agent header
-Y Use proxy ('on' or 'off')
evil@devbox:~/busybotnet$ ./busybox wget https://google.com
Connecting to google.com (216.58.216.238:443)
Connecting to www.google.de (216.58.216.227:443)
index.html 100% |****************************************************| 19570 0:00:00 ETA
evil@devbox:~/busybotnet$ ./busybox proxcat
connect --- simple relaying command via proxy.
Version 1.97
usage: proxcat [-dnhst45N] [-p local-port][-R resolve] [-w timeout]
[-H proxy-server[:port]] [-S [user@]socks-server[:port]]
[-T proxy-server[:port]] [-c telnet-proxy-command] host port
evil@devbox:~/busybotnet$ ./busybox netscan -h
[*] Network Scanner v1.0 starting at 22:51:11 Mar 15 2016
[*]
-c | --connect Tcp protocol
-s | --syn Syn packet scanner
-t | --tor Tor scanner default 127.0.0.1:9050
-u | --udp Udp protocol
-b | --banner Parse service banner
-p | --port Port method A, A-B, A,B,C,D
-d | --delay Delay synpack in ms [min: 50000]
-v | --verbose Verbose output
-h | --help Print help menu
Example:
scan -s google.it
scan -c google.it
scan -t google.it
scan -c -b google.it
scan -c -p1-100 google.it
scan -c -p1,2,3,4 google.it
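One way to act on the warning above about stray copies, as an added example that is not part of the Busybotnet source: a POSIX shell audit that checks a multi-call binary is owner-only and lists any applets it reports via `--list` that are not on an operator-supplied allowlist. The function names, `audit.sh`, `allow.txt` and the sample list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the Busybotnet source tree.

# perms_ok FILE: succeed only for a regular file whose mode string is
# owner-only with no setuid bit (e.g. -rwx------ or -r-x------).
perms_ok() {
    case $(ls -ld -- "$1" 2>/dev/null | cut -c1-10) in
        -??[x-]------) return 0 ;;
        *) return 1 ;;
    esac
}

# unexpected_applets ALLOWLIST: read applet names on stdin (one per line,
# the format `busybox --list` prints) and print those not in ALLOWLIST.
unexpected_applets() {
    sort -u | grep -vxF -f "$1"
}

# audit_busybox BINARY ALLOWLIST: print findings, return 1 if there are any.
audit_busybox() {
    findings=0
    if ! perms_ok "$1"; then
        echo "PERMS: $1 is not owner-only"
        findings=1
    fi
    extra=$("$1" --list | unexpected_applets "$2")
    if [ -n "$extra" ]; then
        echo "APPLETS not on allowlist:" $extra
        findings=1
    fi
    return $findings
}

# Constructed sample standing in for `busybox --list` output; the names
# are a few taken from the applet list shown on this page.
sample_list() { printf '%s\n' cat ls netscan sh synscan wget; }

if [ $# -eq 2 ]; then
    audit_busybox "$1" "$2"      # hypothetical use: ./audit.sh ./busybox allow.txt
else
    allow=$(mktemp) && printf '%s\n' cat ls sh wget > "$allow"
    sample_list | unexpected_applets "$allow"   # prints netscan and synscan
    rm -f "$allow"
fi
```

Run it from cron or a configuration-management check against every path where a copy of the binary is installed, and treat a non-zero exit as a finding.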
Building is literally 3 commands
Step 1:
$ make clean
Step 2:
$ make menuconfig
-- Configure your build
-- Choose applets to include
-- If we're cross compiling see below...
Step 3:
$ make
To install, run ./busybox --install -s /path/to/wherever
Cross-compiling busybo* is easy. First, you need a toolchain.
Step 1:
Grab the latest buildroot and build it (same as above, $ make clean;make menuconfig;make)
Step 2:
Configure with make menuconfig -- Specifically, tell busybotnet where your toolchain and sysroot are located.
Step 3:
$ make
That's it!
Great! We've even included a shell script (add.sh) that simplifies the process of adding applets to busybotnet (or just plain busybox). If you want to improve busybotnet, fork our code and submit a pull request.
BusyBotNet is licensed under the GPL. You should have received a copy of the GPL with the source code. You are permitted to use, modify, copy and redistribute so long as you keep the source open & available and credit the authors.
Authors: Kod & Shellz
Concept originally by Shellz.
Brought to life by Kod
Busybox GPL source code forked from busybox.net
Authors of any applets included are in the source. I will add them here when I get around to it.
If you add an applet, please do credit the original author (even if it's you).